A method for generating data encryption keys providing an increased level
of security and versatility is provided for use with data communications
between a server and a client. According to this method, a Master Key (MK)
is stored in a secured area that is inaccessible to external systems. Also
stored in this secured area are several Series Numbers (SN). Based on one
of several offered mechanisms, an SN is selected. The selected SN is then
encrypted by a conventional data encryption algorithm, such as Data
Encryption Standard (DES), using the MK. Through use of the MK, the SN is
encrypted by the algorithm to generate a Derived Key (DK). The DK is then
used in a second conventional data encryption algorithm. This second
algorithm is used to encrypt data that is to be exchanged with an external
system, or used to authenticate access. It may also be used to generate an
electronic signature.
Multiple Cryptographic Key Distribution



Background of the Invention 
Field of the Invention 

The present invention relates generally to coii^ and more specifically to
a means for generating data encryption keys to provide an increased level
of data security for communications between a server (such as a computer
system) and a client (such as a smartcard).

Related Art 

The increased use of computer systems to transmit and receive sensitive
data has elevated concerns about data security. For example, recent
advancements in computer technology have provided consumer industries with
what are commonly known as smartcards. A smartcard resembles a plastic credit
card in size, shape, and construction. However, smartcards are essentially
computers manufactured on plastic cards. They generally comprise a
microprocessor, primary memory, and secondary memory for data storage.
Additionally, smartcards have input and output means for exchanging data with
external systems. Smartcards store and process application specific data.
Commonly, the application specific data is user-specific and pertains to
personal and/or business accounts of the smartcard owner.
An example of an application of smartcard technology may be found in the
banking industry. For example, smartcards may be used to replace common
Automated Teller Machine (ATM) cards. Conventional ATM cards merely store
data generally used to identify and authenticate users to the ATMs. ATMs
typically communicate with central computer systems in order to process
requests by ATM customers. Often, communication line service outages prevent
ATMs from processing customer requests.

Smartcards on the other hand, with their built-in active computer circuitry
can provide much greater functionality than conventional ATM cards.
Smartcards can process data independently of the ATM and the remote computer
system. For example, a smartcard that contains current account information
such as balance and credit data, may eliminate the need for remote
communications between the ATM and the central computer system, thereby
decreasing ATM down time. Moreover, smartcards can manage several different
accounts at once, and enable transfers and the like between such accounts.
For example, people can use their smartcard to pay their credit card bill by
issuing a command to transfer funds from their checking account to their
credit card account. All information necessary for the transfer is contained
within the smartcard itself. Another advantage of smartcards is that they can
communicate with several external systems, such as ATM machines, pay phones,
and personal computer systems.

Smartcard technology can also be used with telecommunication technology
such as wireless telephone communications over cellular networks and other
personal communications services (PCS). For example, a smartcard can
maintain user account information pertaining to a telecommunication service
provider and user specific features. The smartcard, when placed into a slot
on a wireless phone, will instruct the phone to send the user's
identification and authentication data to the originating switch on the
service provider's telephone network. In this way, the telephone network
will automatically authenticate the user and access the user's account to
provide user-specific and/or system specific features.

A significant consideration in the development and use of smartcard
technology is data security. If a smartcard is to be used to access sensitive
data regarding a user, certain measures of security are required to protect
the user against unauthorized access. Likewise, if sensitive data is to be
exchanged between the smartcard and external systems, data encryption should
be implemented.

Smartcards in use today often use data encryption algorithms and
encryption/decryption keys. The encryption/decryption keys are commonly
multi-bit combinations that enable data encryption algorithms to encrypt data
in a predictable manner. The encryption/decryption key is embedded within the
permanent memory of the smartcard, and is not accessible by people. Such keys
and data encryption methods are used to authenticate the use of the card and
to interface with the applications that reside within the external computer
systems. Data encryption provides for secure access to user accounts, secure
data exchange between the cards and the external systems, and electronic
signatures that uniquely and securely identify users to originate smartcard
transactions.

If such keys are compromised, the measure of security provided by the key 
is broken. A key is compromised when it becomes known to an unauthorized 
user, such as a hacker. A hacker can break the code of a key, for example, with
the use of a computer program that rapidly generates numerical combinations and 
tries each one as a key to gain access to the secured application. Eventually, the 
right combination is found and the key is broken. 

If a smartcard's key is compromised, great expenses are incurred. First, the 
smartcard must be replaced, since the key is usually hard-coded (permanently 
coded) into its memory. Even if the key is not hard-coded, the smartcard must 
still be re-programmed and a new key must be downloaded into its permanent 
memory storage device. Second, all external systems that communicate with the
card must be re-programmed with the card's new key. The cost of such 
reprogramming and replacement can be very significant. 
Summary of the Invention

A system and method for generating data encryption keys that provide an
increased level of security and versatility are provided. The invention is
particularly adapted for use with smartcard technology, but is also
applicable to other uses, as will be apparent to persons skilled in the art.
The present invention stores a Master Key (MK) in a secured area of permanent
memory of a device (such as a smartcard), that is inaccessible by humans and
systems external to the device. Also stored in this secured area of permanent
memory and inaccessible by external systems are several Series Numbers (SN).
Based on one of several offered mechanisms, one SN is selected. The selected
SN is then encrypted by a conventional data encryption algorithm using the MK
to generate a Derived Key (DK). The DK is then used in a second conventional
data encryption algorithm. This second algorithm is used to encrypt data that
is to be exchanged with an external system, or used to authenticate access.
It may also be used to generate an electronic signature.

By using a Derived Key (DK) as an encryption key in a second data
encryption algorithm, an additional level of security and versatility are
provided. If the DK is compromised, a new DK is generated and the compromised
DK is discarded. This occurs through the use of multiple SN's and by altering
the mechanism that selects the SNs. The compromised DKs are discarded by
software changes only. This eliminates the need for replacing cards and
reprogramming external systems with new encryption keys, whenever a key is
compromised.

An additional aspect of the present invention relates to its use with
conventional Personal Identification Numbers (PIN). The smartcard may be
programmed such that the mechanism that selects the SN is the entry of a PIN.
Different PIN's will cause the selection of different SNs. If a DK is
compromised, the user need only enter another PIN. Only the right combination
of DK and PIN will cause the external system to authenticate the smartcard.

The smartcard may also be programmed such that multiple sets of Series
Numbers (SN) are encoded. This is especially relevant for smartcards that
contain multiple applications, such as several credit card accounts. Each set
of SN's apply to an individual application or account. A certain PIN will
select a corresponding set of SN's that relate to a certain application. Once
the appropriate set of SN's is selected, then an individual SN is selected
for encryption based on a pre-determined mechanism.

Further features and advantages of the invention, as well as the structure 
and operation of various embodiments of the invention, are described in detail
below with reference to the accompanying drawings. In the drawings, like 
reference numbers generally indicate identical, functionally similar, and/or 
structurally similar elements. The drawing in which an element first appears is 
indicated by the digit(s) to the left of the two rightmost digits in the corresponding 
reference number. 

Brief Description of the Figures 

The present invention will be described with reference to the 
accompanying drawings, wherein: 

Figure 1 is a block diagram illustrating the architecture of a client such as 
a smartcard according to the present invention; 

Figure 2 is a process flowchart illustrating the general operation of the 
present invention when used to authenticate client access to a server; 
Figure 3 is a process flowchart illustrating the general operation of the
present invention when used to encrypt and decrypt data;

Figure 4 is a process flowchart illustrating the general operation of the 
present invention, with the additional aspect of utilizing PIN codes; and 

Figure 5 is a block diagram depicting the architecture of a server that 
communicates with clients according to the present invention. 

Detailed Description of the Preferred Embodiments 

Referring to Figure 1, a block diagram of the architecture of a smartcard
102 (also referred to herein as "client"), utilizing the present invention is shown.
While the invention is described for convenience in the context of a smartcard, it 
will be appreciated that the invention applies to all applications that use 
cryptographic keys that are subject to being compromised. To aid simplicity of 
illustration, components of the smartcard that are not relevant to the invention are 
not shown. Contained within the smartcard 102 is a secured area of permanent 
memory 104 that is inaccessible to external systems. A Master Key (MK) 106, 
and a plurality of Series Numbers (SNs) 108-1 through 108-n, are stored within
the secured area 104. The plurality of Series Numbers are each multiple bit 
combinations that are permanently programmed into the smartcard 102. 

External to the secured area of permanent memory 104 is a program that
includes a conventional data encryption algorithm (DEA1) 110. This program
(DEA1) executes in the smartcard 102. DEA1 110 may be any of several well
known standard algorithms used for encrypting data. Details and
implementation of such algorithms would be apparent to persons skilled in the
relevant art(s). The DEA1 110 receives an input and generates an output. The
inputs to DEA1 110 are a selected series number (SSN) 116 and the MK 106. The
output of DEA1 110 is a Derived Key (DK) 112.

The selected series number 116 is selected from the plurality of series
numbers 108-1 through 108-n. A selection algorithm 114 that is executed by
the smartcard 102 is used to select the SSN 116. A unique DK 112 is generated
by DEA1 110 for each unique selected series number 116, in combination with
the MK 106. Thus, the generation of a Derived Key, DK, is a DEA1 function of
the MK and the SSN, such that DK = DEA1(MK, SSN).

Figure 5 is a block diagram depicting the architecture of a server 502 that
communicates with clients such as the smartcard 102, according to the present
invention. A secured data storage area 504 is used to store a plurality of
client information blocks 506-1 through 506-n. Each client information block
506 comprises specific information pertaining to each client 102 that is
pre-authorized to communicate and conduct transactions with the server 502.

Each client information block (506-1 through 506-n) includes a plurality
of series numbers (such as ISN ... ISNn shown in client information block
506-1), and a master key (such as IMK shown in client information block
506-1). Each client information block stored within the server contains
identical data as is stored in the corresponding client's permanent memory
area 104. For example, suppose that client information block 506-1, stored
within the server 502, corresponds to the client smartcard 102, as shown in
Figure 1. In that case, the master key IMK, shown in client information block
506-1 is the same as the MK 106. Likewise the series numbers, ISN1 ... ISNn
shown in client information block 506-1, are the same as the series numbers
108-1 through 108-n, stored within the smartcard 102.

External to the secured data storage area 504 is a program that includes
a conventional data encryption algorithm (DEA1) 110. This program (DEA1)
executes in the server 502. DEA1 110 may be any of several well known
standard algorithms used for encrypting data. Details and implementation of
such algorithms would be apparent to persons skilled in the relevant art(s).
The DEA1 110 receives an input and generates an output. The inputs to DEA1
110 are a selected series number (SSN) 116 and master key such as IMK shown
in 506-1. The output of DEA1 110 is a Derived Key (DK) 112.

The selected series number 116 is selected from the plurality of series
numbers (ISN1 through ISNn for example). A selection algorithm 114 that
executes in the server 502 is used to select the SSN 116. The unique DK 112
that is generated by DEA1 110, is dependent upon the inputs to the DEA1 110,
namely the selected series number 116 and the master key such as IMK shown in
506-1.

As shown by the use of common reference numbers, the selection
algorithms 114 that are executed within the server 502 and the client 102 are
functionally equivalent. Therefore both the client 102 and the server 502 will
generate the same selected series number, if the same plurality of series
numbers are used as inputs to both systems. Likewise, the data encryption
algorithms 110 that are executed within the server 502 and the client 102 are
functionally equivalent. Therefore both the client 102 and the server 502 will
generate the same derived key 112, if the same inputs (namely the selected
series number and the master key) are used by both systems.

Note that at least one series number is selected to implement the
additional level of data security according to the present invention. Many
different methods and/or different algorithms can be used to select a
particular series number from the plurality of series numbers according to
the present invention. One method is to use the same selection algorithm 114
in both the server 502 and the client 102. In this case, the same SN is
selected in both the server 502 and the client 102, since they both use the
same algorithm. Alternatively, only one system, either the server 502 or the
client 102 uses the selection algorithm. In this case, the output from the
selection algorithm is passed to the other system, so that both systems
generate common DKs. Several such examples of selection methods are discussed
below in order to demonstrate preferred ways to implement the present
invention. In addition to the examples below, many other variations are
possible and as such, these examples should not be construed to limit the
scope of the present invention.

One method which may be used to select a SN 106 from the plurality of 
SNs is by using an algorithm 114 programmed within the smartcard 102 that
generates a random number. The random number is used as an index to select a 
particular SN 116. The SSN 116 is subsequently passed to the server 502 in an 
initialization transaction. The server 502 uses the SSN 116 received from the 
smartcard 102, along with the MK associated with the smartcard, (IMK shown 
in client information block 506-1, for example), to generate the same DK 112. 
The smartcard 102 acts in a similar manner. Accordingly, the transaction is 
validated. 

A variation on the above method is to have the server 502 generate the 
SSN 116 to be used by both the server 502 and the smartcard 102. The same or 
similar random number generating algorithm 114 as described above resides in
the server 502. The selection algorithm 114 is used by the server 502 to
select a SN from the plurality of SNs (ISN1-ISNn, for example) contained in
the information 506-1 block corresponding to the smartcard 102, thereby
generating a SSN 116. The SSN 116 is used by the server 502, along with the
MK associated with the smartcard 102 (IMK shown in client information block
506-1, for example), to generate a DK 112 for the current transaction. The
SSN 116 is passed to the smartcard 102, where along with its internal MK 106,
generates the same DK 112 via the DEA1 110 in the smartcard 102, thus
validating the transaction.

Another example is to have the same selection algorithm 114 execute in 
both the client 102 and the server 502. The common algorithm 114 generates an
index based on a non-random figure, such as date or the time. The index is
then used by both the client 102 and the server 502 simultaneously to select
a SSN 116, and generate a DK 112 for the session, as previously discussed
herein. Alternatively, this non-random type algorithm may be programmed
within only one of the systems and the SSN is passed to the other system, as
described above, for example, in an initialization transaction.

A secret code that is assigned to a smartcard holder, commonly referred 
to as a Personal Identification Number (PIN), can be used to select a particular 
SN. Such a number for example, can be used as an index to select a SN, or can 
be used as input to any number of different algorithms which are used to generate 
an index for the SN selection. 

As can be seen, many different methods for SN selection are available and 
will work as long as the same procedure is used in both the smartcard 102 and
the server 502, or the actual SN 116 is passed from one system to the other.
In this way, the SSN 110 that is used by the smartcard 102, as input to its
DEA1 110, is identical to the SSN 110 used by the server 502, as input to the
server's DEA1 110, so that identical DKs 112 are generated by both systems.

Referring now to Figure 2, a process flowchart illustrates the general
operation of the present invention when used to authenticate client access to a 
server. In this example, the client may be a smartcard and the server may be a 
bank's ATM. The process begins in step 202, where the client requests access to 
the server. In step 204, the server passes token 205 to the client. The token 205 
is subsequently used as input during a data encryption step 212a performed by 
the server and a data encryption step 212b performed by the client. Token 205 is
simply a number that will be used by both the server and the client during data
encryption step 212a and 212b, and must be the same for both to authenticate
access. The passing of the token in step 204 does not necessarily have to occur 
at this point in the process but should occur prior to steps 212a and 212b. 

The process continues within both the client and the server whereby each
system generates a derived key. Such processes occur in parallel within the
client and the server. Steps 206a through 212a depict the process steps taken
by the server and steps 206b through 212b depict the process steps taken by
the client.



The server process begins with step 206a. In step 208a, the mechanism
that selects the SSN 116 is executed. As previously discussed, this mechanism
is typically an algorithm such as selection algorithm 114 that generates an
index number n, which is used to specify the SN to be used for the current
transaction. Other methods to select a SN could alternatively be used. The
SSN 116 is made known to the client, by either passing the SSN 116 to the
client, or by running the same or similar algorithm in the client as
previously discussed herein, such that the client generated SSN 116 is the
same as the server generated SSN 116. The method used by the client and the
server is defined before the processing of the flowchart of Figure 2. Such
definition may be achieved via an initialization transaction between the
server and the client.

The SSN 116 is used as input to step 210a, which is the first Data
Encryption Algorithm (DEA1), as previously described. A second input to DEA1
210a is the MK 106, which is common to and stored in both the client and
server, as previously discussed. In step 210a, DEA1 uses the SSN 116 and the
MK 106 to generate the derived key (DK) 112 to be used in the current
transaction. A similar process for generating the same DK 112 executes in the
client in steps 206b through 210b.

In both the client and the server, the derived key 112 is used in a second
Data Encryption Algorithm (DEA2) in steps 212a and 212b to encrypt the token
205. DEA2 may or may not be the same encryption algorithm used in DEA1.
As noted above, DEA1 and DEA2 are any well known encryption algorithm. The
token 205 is a common number to both the client and server. Therefore,
identical results (214a and 214b) are obtained from the server's DEA2 212a
and the client's DEA2 212b.

The client result 214b is passed to the server in step 216. The server
receives the client result 214b in step 218. In step 220, the server compares
the client result 214b with the server result 214a. If the client result 214b
matches the server result 214a, then the server allows access, as indicated
by step 222. If the client result 214b does not match the server result 214a,
then the server does not allow access, as indicated in step 224.
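
The Figure 2 exchange above, as an added example that is not code from the patent: both sides compute DK = DEA1(MK, SSN), the server compares the two DEA2 results, and retiring an SN index models discarding a compromised DK in software. HMAC-SHA256 is swapped in for DEA1 and DEA2, and the class names, the passing of an SN index rather than the SN itself, and the random single-use token are assumptions of the example.

```python
import hashlib
import hmac
import secrets


def dea(key, data):
    """Stand-in for DEA1 and DEA2. The page names DES as one option; this
    example swaps in HMAC-SHA256 so it runs on the standard library alone."""
    return hmac.new(key, data, hashlib.sha256).digest()


class SecureStore:
    """Secured area 104 or client information block 506: MK plus the SN list."""

    def __init__(self, master_key, series_numbers):
        self._mk = master_key
        self._sns = list(series_numbers)

    def count(self):
        return len(self._sns)

    def derive_key(self, index):
        """DK = DEA1(MK, SSN), where SSN is the series number at `index`."""
        if not 0 <= index < len(self._sns):
            raise IndexError("no such series number")
        return dea(self._mk, self._sns[index])

    def result(self, index, token):
        """Steps 212a/212b: DEA2 keyed with the DK, applied to the token."""
        return dea(self.derive_key(index), token)


class Server:
    """Hypothetical server 502 holding one SecureStore per enrolled client."""

    def __init__(self):
        self._blocks = {}    # client id -> SecureStore
        self._retired = {}   # client id -> SN indexes no longer selected
        self._pending = {}   # client id -> (index, token) awaiting a result

    def enroll(self, client_id, master_key, series_numbers):
        self._blocks[client_id] = SecureStore(master_key, series_numbers)
        self._retired[client_id] = set()

    def retire(self, client_id, index):
        """Discard a compromised DK in software: never select its SN again."""
        self._retired[client_id].add(index)

    def challenge(self, client_id):
        """Steps 204 and 208a: choose an SN index and a token to send."""
        usable = [i for i in range(self._blocks[client_id].count())
                  if i not in self._retired[client_id]]
        if not usable:
            raise RuntimeError("every series number is retired")
        index = secrets.choice(usable)
        token = secrets.token_bytes(16)  # assumption: fresh random token
        self._pending[client_id] = (index, token)
        return index, token

    def verify(self, client_id, client_result):
        """Steps 218 to 224: compare result 214b with the server's 214a."""
        pending = self._pending.pop(client_id, None)  # one try per challenge
        if pending is None:
            return False
        index, token = pending
        expected = self._blocks[client_id].result(index, token)
        return hmac.compare_digest(expected, client_result)


def demo():
    # Constructed sample secrets, for illustration only.
    mk = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    sns = [bytes([n]) * 8 for n in (0x11, 0x22, 0x33, 0x44)]
    card = SecureStore(mk, sns)
    server = Server()
    server.enroll("card-1", mk, sns)

    index, token = server.challenge("card-1")
    response = card.result(index, token)
    granted = server.verify("card-1", response)
    replayed = server.verify("card-1", response)  # challenge already consumed

    server.retire("card-1", index)  # treat that DK as compromised
    new_index, new_token = server.challenge("card-1")
    granted_again = server.verify("card-1", card.result(new_index, new_token))

    impostor = SecureStore(b"\xff" * 16, sns)  # knows the SNs, not the MK
    i, t = server.challenge("card-1")
    impostor_ok = server.verify("card-1", impostor.result(i, t))
    return {"granted": granted, "replayed": replayed,
            "new_index_differs": new_index != index,
            "granted_again": granted_again, "impostor": impostor_ok}


if __name__ == "__main__":
    print(demo())
```
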

Referring to Figure 3, a process flowchart illustrates another embodiment
of the present invention. In this example, the client may be a smartcard which
needs to pass a confidential number N1 304 to a server, which may be an
external computer system. In this example, the exchange of N1 304 must be kept
secure. Therefore, N1 is encrypted using a Derived Key (DK) 112, as is
characteristic of the present invention. The transaction of exchanging the
confidential number N1 304 begins with step 302.

Steps 206a through 210a and steps 206b through 210b are the same 
process steps as shown in Figure 2, used to produce the derived key 112 in the
server and client respectively. Note that the token passing step 204 is not used in
the process depicted by Figure 3. 

The DK 112 that is generated by the client process in step 210b is used as
a key for a second Data Encryption Algorithm (DEA2) in step 306. DEA2
accepts the number N1 304 as a first input and the DK 112 as a second input.
The output of DEA2 is an encrypted number EN1 308, which is passed to the
server in step 310.

In step 312, a decryption algorithm, which is the reverse of DEA2, is used
to regenerate the confidential number N1. In step 312, the server uses an
independently derived DK 112 as a first input and the received EN1 308 as a
second input. Using this method, N1 304 is exchanged between the client
(smartcard) and the server (external computer system) in an encrypted manner
so as to maintain security.

Furthermore, the specific encryption of N1 304 results from the use of a
common Derived Key 112, which is independently generated by both the client
and server. As with all of the methods described herein, if the DK 112 is
compromised, a new DK can be generated by both the client and server by
selecting a new SN. A new SN may be selected by using a different selection
algorithm, or by using the same selection algorithm with different inputs.
Accordingly, the present invention effectively removes the compromised DK
from use. Many methods may be used to implement the modification of the
selection algorithms used by the client and/or the server. For example, both
the client and the server may be manually reconfigured, or may be
automatically reconfigured via a transaction between the client and the
server. Other implementations will be apparent to persons skilled in the
relevant art(s).

An additional aspect of the present invention will now be described with 
reference to the use of Personal Identification Numbers (PINs). PINs are 
commonly, but not necessarily, four digits in length. The smartcard 102 may be 
used for several different applications. For example, a single smartcard 102 may 
contain numerous credit card accounts. It may also contain multiple sets of SN's, 
where each individual set corresponds to a different application and/or server. An
individual set of SNs is selected within the smartcard. A particular set of SN's is
selected by the smartcard, as the result of a user entering a particular PIN into the
server. Once a particular set of SNs is selected, the same process as previously 
described above is used within the smartcard and the server to conduct secure 
transactions. In addition to providing a means of security, this method also 
provides a means for automatically selecting an application on a multi-application 
smartcard. 

Referring now to Figure 4, this operation of an additional embodiment is
illustrated. After the transaction begins in step 302, the server process
begins as step 206a indicates. A user inputs a particular PIN into the server,
as indicated by step 402. The PIN 404 is passed to the client to be used as
input to a series number set selection process within the client. In step 406
a particular set of SN's that corresponds to the particular application, such
as an ATM bank account, is selected, in the client, based on the PIN 404. The
set of SNs may be similarly selected in the server, as indicated by step 403.
The process from this point on, continues in the same manner as previously
described, beginning with the SN selection steps by both the client and the
server as depicted by steps 208b and 208a respectively. Either steps 290 from
Figure 2 or steps 390 from Figure 3 may be performed, as indicated by step
490.

WO 97/24831    PCT/US96/20144

While various embodiments of the present invention have been described
above, it should be understood that they have been presented by way of example
only, and not limitation. Thus, the breadth and scope of the present invention
should not be limited by any of the above-described exemplary embodiments, but 
should be defined only in accordance with the following claims and their 
equivalents. 
What Is Claimed Is:

1. A system for secured data communication between a client
comprising:
    a client comprising:
        a secure memory suitable for storing data that is inaccessible
        outside of said client;
        a master key stored within the secure memory;
        a plurality of series numbers stored within the secure memory; and
        a first encryption device coupled to said master key and said series
        numbers, to generate a first derived key from one of said series
        numbers, and said master key;
    a server in communication with said client, comprising:
        a server memory device;
        a plurality of master keys stored in the server memory device, each
        master key associated with a particular client that is pre-authorized
        to communicate and conduct transactions with the server;
        a plurality of sets of series numbers stored in the server memory
        device, each set associated with a particular client that is
        pre-authorized to communicate and conduct transactions with the
        server;
        a second encryption device, functionally equivalent to said first
        encryption device, to generate a second derived key from a series
        number from one of said sets of series numbers in said server memory
        device that corresponds to said client, and one of said master keys
        in said server memory device that corresponds to said client, said
        first and second derived keys being identical.

2. The system of claim 1, wherein the client further comprises a
selecting means for selecting a particular series number from said plurality
of series numbers.

3. The system of claim 2, wherein the server further comprises a
second selecting means for selecting a particular series number from said
set of series numbers that corresponds to said client.

4. The system of claim 3, whereby said second selecting means is
functionally equivalent to said first selecting means so that the same
particular series number is selected by both said first and second selecting
means.

5. The system of claim 2 wherein said selected series number is
communicated to the server so that the server may use the same series
number as the client.

6. The system of claim 3 wherein said selected series number is
communicated to the client so that the client may use the same series
number as the server.

7. The system of claim 2 wherein said first selecting means comprises:
    means for accepting a personal identification number from a user;
    means for selecting a set of series numbers from said plurality of
    series numbers based on said personal identification number; and
    means for selecting a particular series number from said set of
    series numbers.

8. The system of claim 1, wherein said first and second derived keys
are used in subsequent encryption processes as encryption keys.

9. A method for secured data communication between a client and a
server, said client comprising a first encryption device, and a secure
memory suitable for storing data that is inaccessible outside of said client,
said server comprising a second encryption device and a memory device,
said method comprising the steps of:
    (1) storing, within the secure memory of the client, a master
    key;
    (2) storing, within the secure memory of the client, a plurality
    of series numbers; and
    (3) using said master key and said plurality of series of
    numbers by the client to validate and conduct transactions with said
    server.

10. The method of claim 9, wherein step (3) comprises the steps of:
    (a) selecting, by the client, a particular series number from the
    plurality of series numbers;
    (b) generating, by the client, a derived key using said master
    key and said selected number.

11. The method of claim 10, further comprising the steps of:
    (4) storing, within the memory device of the server, a plurality
    of master keys, each master key associated with a client that is
    pre-authorized to communicate and conduct transactions with said server;
    (5) storing, within the memory device of the server, a plurality
    of sets of series numbers, each set associated with a client that is
    pre-authorized to communicate and conduct transactions with said server;
    (6) selecting, by the server, a particular master key from said
    plurality of master keys, said particular master key being associated
    with said client; and
    (7) selecting, by the server, a particular set of series numbers
    from said plurality of sets of series numbers, said particular set of
    series numbers being associated with said client.

12. The method of claim 11, further comprising the steps of:
    (8) selecting, by the server, a particular series number from
    said particular set of series numbers;
    (9) generating, by the server, a derived key identical to said
    derived key generated in step (3)(b), by using said particular master key
    and said selected series number.

13. The method of claim 12, wherein the selection method of step (8)
is functionally identical to the selection method of step (3)(a), so that both
the client and the server selects the same said particular series number.

14. The method of claim 10, wherein the client sends the selected
series number to the server so that the server may use the same selected
series number as the client.

15. The method of claim 9, wherein step (3) comprises the steps of:
    (a) accepting a personal identification number from a user;
    (b) selecting a set of series numbers from said plurality of
    series numbers based on said personal identification number;
    (c) selecting a particular series number from said set of series
    numbers; and
    (d) generating, by the client, a derived key using said master
    key and said selected series numbers.